authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-09-11 08:03:54 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-09-11 08:03:54 +0200
commitb424e20e6497d6eadb559054d884f9f65d69411d (patch)
tree8f9922cd7373b5f9f685a4367a5a42b8e58959fa /connector
parentab4bba8177a5b4382d9ebe8996b76c5c5200e4a3 (diff)
parent5210dd7fef20776084f1106836f0e367654d6549 (diff)
downloadNational_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.tar.gz
National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.tar.bz2
National_eIDAS_Gateway-b424e20e6497d6eadb559054d884f9f65d69411d.zip
Merge branch 'master' into nightlybuild
# Conflicts: # basicConfig/default_config.properties # connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSeIDASNodeConstants.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/SZRClientTest.java # eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java # pom.xml
Diffstat (limited to 'connector')
-rw-r--r--connector/pom.xml2
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java49
2 files changed, 49 insertions, 2 deletions
diff --git a/connector/pom.xml b/connector/pom.xml
index d1131618..2b1f4ee8 100644
--- a/connector/pom.xml
+++ b/connector/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>at.asitplus.eidas</groupId>
<artifactId>ms_specific</artifactId>
- <version>1.0.2-snapshot</version>
+ <version>1.0.3-snapshot</version>
</parent>
<groupId>at.asitplus.eidas.ms_specific</groupId>
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index 12dffe45..94b0cc02 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -39,11 +39,14 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
@@ -51,11 +54,14 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
public class AuthnRequestValidator implements IAuthnRequestValidator {
private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class);
+ @Autowired(required=true) private IConfiguration basicConfig;
+
@Override
public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq,
SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException {
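Review bot: The new dependency is wired by field injection at `@Autowired(required=true) private IConfiguration basicConfig;`, which leaves the field non-final and hides the requirement from anyone constructing the validator outside the Spring context; constructor injection would state it explicitly, e.g. `private final IConfiguration basicConfig;` with `@Autowired public AuthnRequestValidator(IConfiguration basicConfig) { this.basicConfig = Objects.requireNonNull(basicConfig, "basicConfig"); }`. `required=true` is Spring's default and can be dropped either way. If other project code relies on a no-arg constructor for this class, a constructor-injected variant would need that call site adjusted, which I cannot confirm from this hunk. The `validate(...)` method whose signature starts here has its body outside this hunk, in the following hunk where the field is consumed.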
@@ -98,7 +104,48 @@ public class AuthnRequestValidator implements IAuthnRequestValidator {
//post-process requested LoA
List<String> reqLoA = extractLoA(authnReq);
- pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(reqLoA);
+
+ LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
+ MSeIDASNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
+ EAAFConstants.EIDAS_LOA_HIGH));
+ if (minimumLoAFromConfig == null) {
+ log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", EAAFConstants.EIDAS_LOA_HIGH);
+ minimumLoAFromConfig = LevelOfAssurance.HIGH;
+
+ }
+
+ log.trace("Validate requested LoA to connector configuration minimum LoA: {} ...", minimumLoAFromConfig);
+ List<String> allowedLoA = new ArrayList<>();
+ for (String loa : reqLoA) {
+ try {
+ LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
+ String selectedLoA = EAAFConstants.EIDAS_LOA_HIGH;
+ if (intLoa != null &&
+ intLoa.numericValue() >= minimumLoAFromConfig.numericValue()) {
+ log.info("Client: {} requested LoA: {} will be upgraded to: {}",
+ pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(),
+ loa,
+ minimumLoAFromConfig);
+ selectedLoA = intLoa.getValue();
+
+ }
+
+ if (!allowedLoA.contains(selectedLoA)) {
+ log.debug("Allow LoA: {} for Client: {}",
+ selectedLoA,
+ pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+ allowedLoA.add(selectedLoA);
+
+ }
+
+ } catch (IllegalArgumentException e) {
+ log.warn("LoA: {} is currently NOT supported and it will be ignored.", loa);
+
+ }
+
+ }
+
+ pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).setRequiredLoA(allowedLoA);
//post-process requested LoA comparison-level
String reqLoAComperison = extractComparisonLevel(authnReq);